If your SIP traffic is TLS encrypted, it becomes impossible to monitor it with nice visual tools like sngrep. sngrep can't read the traffic because it can normally only read unencrypted SIP traffic on the PBX.
The Asterisk module res_hep solves this problem. It plays the old man-in-the-middle game to divert a copy of the unencrypted traffic to a HEP server, so it can be seen in the clear before being encrypted for going over the line.
Asterisk -> HEP module (sends copy of traffic to HEP server) -> SIP encapsulated in TLS Crypto -> Other peer / registrar
Setup is easy:
; Configure the Asterisk hep-module
; /etc/asterisk/hep.conf
[general]
enabled = yes
capture_address = 10.10.10.1:12345 ; use the IP of your PBX here
capture_password = mypassword
capture_id = 1234
capture_name = asterisk
uuid_type = call-id

# Configure sngrep as a HEP-Server
# /root/.sngreprc
set eep.listen on
set eep.listen.address 10.10.10.1
set eep.listen.port 12345
set eep.listen.pass mypassword
set eep.listen.uuid on
Now run sngrep and you should see your encrypted SIP-traffic:
sngrep -d lo
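What the copy sent to capture_address looks like on the wire, as an added example (not code from the original post, Asterisk or sngrep): a minimal HEPv3 frame builder and parser in Python. It shows that the SIP payload and the capture_password both travel unencrypted inside the HEP frame, which is why capture_address above points at the PBX itself. The chunk layout follows the HEPv3 format; the SIP message, the peer address 192.0.2.10 and the helper names are constructed for illustration.

```python
import socket
import struct

# HEPv3 generic chunk type IDs (vendor 0x0000) that this example decodes
CHUNK_NAMES = {7: "src_port", 8: "dst_port", 11: "proto_type",
               12: "capture_id", 14: "auth_key", 15: "payload"}

def chunk(type_id, data):
    """Encode one chunk: vendor(2) type(2) length(2, header included) + data."""
    return struct.pack("!HHH", 0, type_id, 6 + len(data)) + data

def build_hep3(sip, password, capture_id):
    """Build a constructed HEPv3 frame shaped like one a capture agent sends."""
    body = (chunk(1, b"\x02") + chunk(2, b"\x06")        # IPv4, TCP
            + chunk(3, socket.inet_aton("10.10.10.1"))   # source address
            + chunk(4, socket.inet_aton("192.0.2.10"))   # destination (assumed)
            + chunk(7, struct.pack("!H", 5061)) + chunk(8, struct.pack("!H", 5061))
            + chunk(11, b"\x01")                         # 1 = SIP
            + chunk(12, struct.pack("!I", capture_id))
            + chunk(14, password.encode()) + chunk(15, sip))
    return b"HEP3" + struct.pack("!H", 6 + len(body)) + body

def parse_hep3(frame):
    """Return {chunk name: raw bytes}; raise ValueError on a malformed frame."""
    if len(frame) < 6 or frame[:4] != b"HEP3":
        raise ValueError("not a HEPv3 frame")
    (total,) = struct.unpack("!H", frame[4:6])
    if total != len(frame):
        raise ValueError("length field does not match frame size")
    fields, pos = {}, 6
    while pos < total:
        if total - pos < 6:
            raise ValueError("truncated chunk header")
        vendor, type_id, length = struct.unpack("!HHH", frame[pos:pos + 6])
        if length < 6 or pos + length > total:
            raise ValueError("bad chunk length")
        if vendor == 0 and type_id in CHUNK_NAMES:
            fields[CHUNK_NAMES[type_id]] = frame[pos + 6:pos + length]
        pos += length
    return fields

# Constructed sample message, not a real capture
SAMPLE_SIP = (b"OPTIONS sip:pbx.example.com SIP/2.0\r\n"
              b"Call-ID: constructed-call-id@example.com\r\n\r\n")

if __name__ == "__main__":
    frame = build_hep3(SAMPLE_SIP, "mypassword", 1234)
    for name, value in parse_hep3(frame).items():
        print(f"{name}: {value!r}")
```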